Um, Chairman Rogers, Your Slip is Showing...

So, about a year-and-a-half ago, the Chairman of the U.S. House of Representatives Permanent Select Committee on Intelligence (a mouthful otherwise known as HPSCI) introduced a bill known as the "Cyber Intelligence Sharing and Protection Act (CISPA... yeah, yeah, I know...) which was intended to allow for the sharing of Internet traffic and cyber-threat information between the U.S. government and technology and manufacturing companies.

Seems logical, and necessary.  And, well, in theory, it is.

In order to bring a sense of urgency to his bill, among other things, the Chairman mounted an almost-year-long defamation campaign against legitimate and world-proven China-based multinationals, including my employer Huawei. 

Is China hacking our networks? Hell yeah (and we, of course, theirs).  Does that have anything to do with Huawei?  Nope.  But, the Chairman needed a boogeyman, and, moreover, he needed to appease his corporate contributors wary of competition, so he chose an innocent China-based company as his proxy for pursuing his otherwise legitimate concerns with China.

It's ugly.  But it is - sadly - what politics have become.

But hey, Mr. Chairman, you can't have it both ways...

When CISPA passed the House yesterday, the Chairman commented publicly (as reported by the American Center for Democracy Economic Warfare Institute (http://econwarfare.org/?utm_source=The+Cyber+Nervous+Nellies&utm_campaign=ACD%2FEWI+BLOG&utm_medium=email): "I am very proud that so many of my colleagues were able to look past the distortions and fear mongering about this bill, and see it for what it really is -- a very narrow and focused authority to share cybersecurity threat information."

With all due respect Mr. Chairman, are you f*cking kidding?

When it comes to distorting cyber-fear mongering, you Sir, have no peers – Indeed, I'm not sure there's enough Internet to catalog the extent of cyber-whoppers you've spewed, and that’s just over the last year.

Ah well, I guess we all have our priorities.

And, in the Chairman's case, as reported this week by Techdirt, his motivation may well be quite personal.  Indeed, please pardon the lengthy excerpt from the Techdirt article, but, well, it speaks for itself:

“Of course, as we've noted all along, all attempts at cybersecurity legislation have always been about money. Mainly, money to big defense contractors aiming to provide the government with lots of very expensive "solutions" to the cybersecurity "problem" -- a problem that still has not been adequately defined beyond fake scare stories. Just last month, Rogers accidentally tweeted (and then deleted) a story about how CISPA supporters, like himself, had received 15 times more money from pro-CISPA group that the opposition had received from anti-CISPA groups.

So it seems rather interesting to note that Rogers' wife, Kristi Clemens Rogers, was, until recently, the president and CEO of Aegis LLC a "security" defense contractor company, whom she helped to secure a $10 billion (with a b) contract with the State Department. The company describes itself as "a leading private security company, provides government and corporate clients with a full spectrum of intelligence-led, culturally-sensitive security solutions to operational and development challenges around the world."

Hmm. Sounds like a company like that would benefit greatly to seeing a big ramp up in cybersecurity FUD around the globe, and, with it, big budgets by various government agencies to spend on such things. Indeed, just a few months ago, Rogers penned an article for Washington Life Magazine all about evil hackers trying to "steal information... The article is typical FUD, making statements with no proof, including repeating the NSA's ridiculous allegation that hackers have led to the "greatest transfer of wealth in American history." It's such a good line, except that it's completely untrue. The top US companies have recently admitted to absolutely no damage from such attacks.

(Link to the full Techdirt article: http://www.techdirt.com/articles/20130417/16253022748/oh-look-rep-mike-rogers-wife-stands-to-benefit-greatly-cispa-passing.shtml).

Like I said, it speaks for itself...

Perhaps the Chairman should be asked to prove the negative? 

God only knows he should be familiar with the approach...

What a maroon...

You gotta love it when a loon is exposed as a loon.

Last summer, ZDNet featured an article that was summarized as follows:

A former Pentagon analyst reports the Chinese government has "pervasive access" to about 80 percent of the world's communications, and it is looking currently to nail down the remaining 20 percent. Chinese companies Huawei and ZTE Corporation are reportedly to blame for the industrial espionage. 

(full text of article at http://www.zdnet.com/former-pentagon-analyst-china-has-backdoors-to-80-of-telecoms-7000000908/)

I get it.  At the time the article was posted, we were all in the midst of the heat and stench of the House Intelligence Committee's now-acknowledged-as-beyond-vapid Huawei witch-hunt, so, well, yeah, I get it, sex sells.

But, um, a "former Pentagon analyst?"

The so-called "analyst" was indeed once with the Pentagon, a key contributor in the DoD "Office of Special Plans" which has since been credited with having contrived the, uh, "inaccurate intelligence" on WMD's that justified our invasion of Iraq.  Of course that was before the analyst had his security clearance stripped and was forced on leave for participating in gun-running to Liberia with a Lebanese partner. 

Whoops.

'Course he didn't limit his observations on Huawei to ZDNet - Oh no, he was all over the blogosphere (primarily in the fringe cyber-paranoid section), opining willy-nilly about shit about which he had absolutely no knowledge.

So, in any event, I was tickled today to stumble across his seemingly deadly-serious article on WorldNetDaily (don't get me started) suggesting that North Korea - by virtue of its ties to Al Qaida - was behind the Boston Marathon bombing (his article was front and center next to another titled "Another killer disease striking homosexuals").  Jesus.

Full text of his "reporting" at: http://www.wnd.com/2013/04/north-korea-linked-to-marathon-bombing/

Again, in the words of Bugs Bunny: "What a maroon."

Rational Cyber-Thought: A Trend?

In my recent April 11 post reporting on a U.S. Government study that contradicted elements of histrionic cyber-fear-mongering (http://mbplrcbd.blogspot.com/2013/04/gao-no-cyber-related-incidents.html), I concluded with some esoteric thoughts on what would really be necessary to better ensure cyber-security, in the U.S., and globally:

I reminded folks that cyber-concerns and challenges are very real and very global and that they affect us all and will only be managed through the development of global standards, disciplines and norms of behavior.    

I highlighted that industry can do its part in terms of ensuring the quality, integrity and security of processes and products via the establishment of state-of-the-art disciplines, standards and assessment criteria.

And then, adding that none of that would mean squat if governments don't own up to their own share of the challenge, I called for State-to-State dialogue to define baseline cyber behavior, starting with something as simple as agreeing not to use information and communications technology (ICT) and networks to carry out hostile activities or to pose threats to international peace, security or commerce.

Well shit.  Guess what?

Commenting over the weekend on his discussions with Chinese Government authorities during his recent visit to China, Secretary of State Kerry on April 13 said:

“…We also discussed cyber security, and we agreed there also that we will create an immediate working group because cyber security affects everybody. It affects airplanes in the sky, trains on their tracks. It affects the flow of water through dams. It affects transportation networks, power plants. It affects the financial sector, banks, financial transactions. Every aspect of nations in modern times are affected by use of cyber networking, and obviously all of us, every nation, has an interest in protecting its people, protecting its rights, protecting its infrastructure. And so we are going to work immediately on an accelerated basis on cyber.”

Earlier in the day, China's official Xinhua news agency quoted Foreign Minister Wang Yi as telling Kerry in their meeting that China and the United States should make joint efforts to safeguard cyberspace. Cyberspace should be an area where the two countries can increase mutual trust and cooperation, Wang told Kerry, according to Xinhua.   Good stuff, regardless whether he really means “mutual trust and cooperation” or “common cause and defense” (check out my year-old March 28, 2012 post which suggested that the cooperation announced this weekend was an almost certain eventuality - http://mbplrcbd.blogspot.hk/2012/03/mad-about-cyber-security.htm).

As a result of the talks, both sides agreed on the need for cooperation and, per Secretary Kerry, “So we will now have a working group that will start immediately to prepare for talks in the week of July 8th in what is called the S&ED, the Security and Economic Development Dialogue that takes place between China and the United States.

So let’s get on with it already. 

And, while we’re at it: Perhaps the two Government could muzzle their respective xenophobes and call off whatever protectionist global-market destroying policies they may have cooking.  

In the case of the U.S., that latter point is a very specific reference to the clever little “notify and negotiate” competition-killing traps wrapped into approval/pending approval of T-Mobile/MetroPCS and Softbank/Sprint (please review http://mbplrcbd.blogspot.com/2013/04/when-worlds-blog-posts-and-head-fakes.html for further detail on such shenanigans).

GAO: No Cyber-Related Incidents Affecting Networks

So, um, well, no surprise really...  

Damn.  The way things have been developing lately in the U.S. it must suck to be a mis-informed Sinophobic protectionist masquerading as a cyber-hero...

(Sorry).  

So, what are we talking about here?

Well, way back in October 2011, the U.S. House of Representatives Energy and Commerce Committee (E&C) tasked the Government Accountability Office (GAO) – the investigative arm of the US Congress – to conduct a comprehensive study on supply chain risk associated with the Information Communications Technology industry.

(Don't nod off just yet folks).

A critical element of the GAO study – titled “COMMUNICATIONS NETWORKS: Outcome-Based Measures Would Assist DHS in Assessing Effectiveness of Cybersecurity Efforts” was released publicly this week.

(Hang in there…)

GAO was asked by E&C to (1) identify the roles of and actions taken by key federal entities to help protect communications networks from cyber-based threats, (2) assess what is known about the extent to which cyber incidents affecting the communications networks have been reported to the FCC and DHS, and (3) determine if Defense’s pilot programs to promote cybersecurity in the defense industrial base can be used in the communications sector. To do this, GAO focused on core and access networks that support communication services, as well as critical components supporting the Internet.  GAO analyzed federal agency policies, plans, and other documents; interviewed officials; and reviewed relevant reports.

(Phew… Stay with me please – the good stuff’s coming)

The Report, which provides valuable simple-to-understand schematics of communications networks, Internet infrastructure and routing processes, as well as simple and easy-to-understand glossaries of threat sources and types of exploits, finds that “No cyber-related incidents affecting core and access networks have been recently reported to FCC and DHS through established mechanisms…of the over 35,000 outages reported to FCC during this time period , none were related to traditional cyber threats (e.g., botnets, spyware, viruses, and worms).”

What, what, what?  That seems inconsistent with the braying of my favorite Congressional Chairman (do elephants bray?)

But wait, there’s more…

While the Report is focused on potential disruption (or the lack thereof), it also casts doubt on allegations of rampant data exfiltration or commercial espionage by highlighting that networks – core and access – are the plumbing through which cyber-mischief takes place, not the sources of mischief themselves:  “Officials within FCC and the private sector attributed the lack of incidents to the fact that the communications networks provide the medium for direct attacks on consumer, business, and government systems…,” but do not incite such incidents themselves.

Oh dear… Mr. Chairman?

Look, you marry the GAO study up with the fact that U.S. industry and the friggin’ White House are now pointing at “geographic exclusions” as ineffective in terms of cybersecurity and dangerous in terms of trade, competition and innovation (see my recent post: http://mbplrcbd.blogspot.hk/2013/04/when-worlds-blog-posts-and-head-fakes.html), and you get reality.

Over the last three years, we have seen the increasing potential of cyber-threats and the increasing politicization of such threats. 

Cyber-concerns are very real, and they are very global.  They will only be managed through the development of global standards, disciplines and norms of behavior.

In terms of technology, management, processes and logistics, industry should focus on ensuring the quality, integrity and security of processes and products and should strive to implement state-of-the-art disciplines to meet these objectives, across product life-cycle, administration, human resources and other operations.

But, no matter the level of security industry might build into processes and products, malicious cyber-behavior will persist.  The time has come for Government to take up such matters between themselves and to work towards the establishment of global norms and standards of behavior instead of interfering with matters of legitimate commerce.

At the very least, Governments around the world should agree to baseline cyber principles, including:

·        Not to use ICTs including networks to carry out hostile activities or acts of aggression or to pose threats to international peace and security;

·        Not to proliferate information weapons and related technologies;

·       To endeavor to ensure the supply chain security of ICT products and services.

·       To encourage industry and consumers to understand their roles and responsibilities with regard to information security  in order to facilitate  a culture of information security and the protection of critical information infrastructures.

Cybersecurity is perhaps the foremost challenge presented by globalization.  Addressing this challenge is critical if markets around the world are to continue to reap the benefits of globalization.

Companies like my employer Huawei Technologies, sit at the center of sophisticated global ecosystems in what is essentially a trans-national industry: The information and communications technology (ICT) industry.

We drive competition and innovation around the world.

We sustain high technology partners and suppliers, inspiring innovation and co-innovation, lowering the cost and widening the spread of ubiquitous broadband.

We invest billions of dollars in 100's of global markets, supporting hundreds of thousands of jobs across the world – directly, and indirectly through suppliers, partners and customers.

And Huawei is not unique.  We have industry peers that sustain similar and overlapping global ecosystems - We are many tides that lift many boats.

So what am I getting at?  

Short and sweet: Maintaining the distributed economic benefit of globalization is in all of our best interests – it should not be held hostage to politics.  

Appropriately addressing global cybersecurity challenges – including at the political level – should be a globally-shared goal.  And government should be held accountable...

When Worlds, Blog Posts and Head-Fakes Collide

On March 19, I blogged about the clever U.S. Government head-fake "approval" of T-Mobile's acquisition of smaller U.S. carrier MetroPCS (link to that post: http://mbplrcbd.blogspot.hk/2013/03/exposing-clever-trade-barrier.html).

Seemingly exercising its authority to review the transaction in the context of “… public interest factors...determining whether to grant a foreign-affiliated carrier's application…including…national security, law enforcement issues, foreign policy and trade concerns,” the FCC approved the deal with an interesting amendment to previous agreements with T-Mobile which requires the carrier to provide the Departments of Justice and Homeland Security a list of current vendors and equipment and advance warning before selecting any new vendor and, related to either or both, to “negotiate in good faith to resolve any national security, law enforcement or public safety concerns DOJ or DHS may raise in response to any disclosure…”

Now, on the face of it, this seems reasonable enough, although I think that most informed stakeholders caught the Government's anti-China-based telecom vendor wink-and-nod.

If they didn't, however, House Intelligence Chairman Mike Rogers spewed it out rather plainly in his March 29 Sinophobic spittle-spraying statements about the concurrent Government review of Japan-based Softbank's purchase of the majority stake of Sprint.  As I blogged that day (http://mbplrcbd.blogspot.hk/2013/03/ten-days-ago-i-posted-on-what-i-called.html), Rogers claimed that he had secured Sprint and Softbank promises to not deploy Huawei gear in its U.S. networks, and that he expected the same to be codified in any Government approval of the deal (industry scuttlebutt has it, by the way, that certain of the commercial parties that Rogers references were puzzled by his comment, given that they don't recall having such conversations with him).

While it’s unclear whether anyone has any real visibility into the Sprint-Softbank deliberations, it’s fair to imagine that the path will follow the trail blazed by the T-Mobile/MetroPCS model.

Now, while all of this was going on, the U.S. Administration and Congress were struggling to agree a budget so that a full-fledged Federal Government furlough might be avoided come the end of March (for more on this, see my whimsical February 28th post: http://mbplrcbd.blogspot.hk/2013/02/of-furloughs-past-and-future.html).

Tucked inside the 240-page spending bill approved by the Congress and signed by the President in the waning days of March was a tiny little paragraph (Section 516) which, riding the wave of cyber-histrionics, would preclude select Federal Government Agencies from procuring information and communications technology (ICT) gear from companies "owned, directed or subsidized" by the Peoples' Republic of China.  This little seed of a potentially disastrous trade war was reportedly tacked on late-in-the-day by none other than Rep. Frank Wolf (Remember him? See my blog post from April 29, 2012: http://mbplrcbd.blogspot.hk/2012/04/fun-with-facts-featuring-rep-wolf-r-va.html).

After two years of escalating U.S. Government cyber-veiled China-bashing, the end of March 2013 seems to have defined an inflection point, at least in terms of holding hostage legitimate commercial entities and activities in vain attempts to change Chinese Government behavior.

At a March 28 press conference China's Foreign Ministry Spokesperson Hong Lei responded to a question about Section 516: "The bill uses cyber security as an excuse to take discriminatory steps against Chinese companies.  It does not help with the mutual trust between China and the United States and will interfere with bilateral economic and trade relations.  We urge the U.S. to abandon the practice and do more that is conducive to China-U.S. mutual trust and development of bilateral relations."

But the real heavy-hitters weighed in just a week later.   

In an April 4 letter addressed to House and Senate leadership, The U.S. Chamber of Commerce, Information Technology Industry Council, Business Software Alliance, and eight other prominent industry and technology associations communicated American industry's sympathy for the Government's IT security concerns but further expressed its strong belief that "geographic-based restrictions are ineffective and promote a false sense of security."  The letter further warned that "Section 516 creates challenges that could undermine U.S.-based companies global competitiveness," citing specific concerns that other countries might borrow from the U.S. model and adopt similar restrictions targeting U.S. companies.

(Aside: Gee, all of that sounds remarkably familiar.  Check out the tail end of this Bloomberg TV interview from last October: (http://www.bloomberg.com/video/huawei-s-plummer-says-house-report-almost-reckless-wdjt~TtIS6GcjZBX5ANMUA.html); or note my quote in the more recent January 2013 Reuters article on related matters: "Blackballing legitimate multinationals based on country of origin is reckless, both in terms of fostering a dangerously false sense of cyber-security and in threatening the free and fair global trading system that the U.S. has championed for the last 60-plus years."  (http://www.reuters.com/article/2013/01/07/us-huawei-alamos-idUSBRE90608B20130107)

Things got even more interesting when - a mere day after the U.S. industry missive to Congress was delivered - The Hill (a D.C.-based political trade pub) reported that the White House had come out against Section 516 (I know, I know - they signed the bill and now are opposing a provision in the bill.  Lets not go there right now...).  Link to The Hill's report: http://thehill.com/blogs/hillicon-valley/technology/292153-white-house-criticizes-ban-on-chinese-tech-products, which includes the following key quotes from a White House spokesperson:

"The undefined terms of this provision will make implementation challenging."

"It could prove highly disruptive without significantly enhancing the affected agencies’ cybersecurity. While the Administration has raised concerns about the cyber threats emanating from China, resolving this issue requires open dialogue between the U.S. and China."

(To that latter point: Check out my March 28, 2012 post on this topic: http://mbplrcbd.blogspot.hk/2012/03/mad-about-cyber-security.html).

It would seem that rational thought is breaking out all over the place.

But, let's not get head-faked again.

Zip back up to the opening paragraphs of this post.  The wink-and-nod FCC provisions attached to the T-Mobile/Metro and, presumably (not-yet-confirmed), Softbank/Sprint deals are no less market-distorting, anti-competitive and trade-war incendiary than Section 516 of the budget bill.  And, the sentiments from U.S. industry and the White House expressed in relation to Section 516 are no less relevant to the FCC provisions.  

As long as we're cleaning house, we would be remiss if we were not to get to all of the nooks and crannies…  

This will bear watching.

A Grain of Salt: Is the CSIS guy really an "Expert?"

For those who've been following this blog, you'll have noticed that it has morphed over time, from the lonely posts of a father on the road, to geeky posts from a wireless pioneer (okay, kinda), to posts defending free and fair global trade, as well as my current employer which, summed up, is the victim of American racism - not just protectionism - due to its heritage in China.

In a previous career, when I was at Nokia, I met a man at the Commerce Department in the Office of National Security and Foreign Policy.  At the time, in the late 90's, Nokia was introducing the "Communicator" to the market, a shoe-sized phone (featured in Val Kilmer's movie "The Saint") that could surf the web, and which incorporated 128 bit encryption, which, back then, made it of some interest to American export control officials.

The Commerce guy seemed nice enough at the time.

Not long after joining Huawei three years ago, I re-established contact with this gentleman, who had relocated himself to the prestigious Center for Strategic and International Studies (CSIS) in Washington, D.C.   

He seemed a nice enough guy at the time...

Over the last couple of years, however, the now-branded cyber-expert has established himself as a not-terribly-nice guy, at least when it comes to Huawei, my employer. 

Fair enough.  He has his career, I have mine.

But, you know, fair only goes so far. 

At some point along the way, this one-time bureaucrat, now-christened “scholar” joined a chorus of wildly fact-free Sinophobic Washingtonians taking potshots at my company. 

Hey, I've got no issues with objecting to Chinese Government cyber-mischief (nor with concerns about what our own government is up to - whether abroad or, scarily enough, at home), but when it comes to promoting an anti-China agenda by libeling an innocent company that just happens to be headquartered there - which also happens to be my employer - that's no longer fair.

So, just as I've recently used this blog to call out a prominent Congressional fibber, I'll take a shot at calling out this CSIS “expert.”  I mean, it's all fine and good to toss out dirty one-liners, but, hey, how about backing them up or shutting the f*ck up.

(Whoops.  Sorry).  

Now, let’s see, where should we begin?

Let's start with "60 Minutes," our expert's big claim to Huawei-bashing fame, in which he reprised tired misinformation about Huawei having been birthed at the teat of Cisco innovation.

What exactly did our seemingly compromised “cyber expert” say that was so egregious?   

Bold-faced and willful lies.

A quick digression: The hullabaloo about Huawei having at some point engaged in intellectual property theft dates back to 2003.  At that time, Huawei identified that a miniscule percentage of code in a single module of one of its router products had incorporated Cisco code that had been floating around on the open Internet.  Cisco sued.  Huawei and Cisco settled.  Huawei product being shipped as of the settlement was already clean of the offending code.  Details of the settlement remain confidential.  And, yes, there were allegations that Huawei had also copied Cisco router user manuals.

Yet, on an October 2012 60 Minutes program focused on Huawei, the CSIS expert made the following observation when asked “What about Cisco?”

“The big obstacle in the telecom industry is R&D.  You have to do R&D and be at the cutting edge to be in the game.  And if you can just take it from a world leader like Cisco, you’re gonna get a huge advantage and that’s what Huawei did.  They copied, they took things apart, they reverse-engineered, they used the manuals right down to the last comma.  Everything they did was kinda Cisco-based…One of the things that gave Huawei an early edge was the fact that they took Cisco technology.”

Okay.  Let’s tear this garbage to shreds (which is what 60 Minutes might have done if they’d not utterly sacrificed integrity for political sops and “intrigue”-based ratings).

“You have to do R&D and be at the cutting edge to be in the game.”  At the time of the 2003 Cisco case, Huawei was investing 10+% of annual revenues into R&D (hundreds of millions of dollars) and had been doing so consistently for the better part of ten years.   Indeed, by 2002 Huawei was filing about 1,000 patents annually (well eclipsing Cisco).  Long story short: In 2003 Huawei was already an intellectual property powerhouse based on billions of dollars in R&D invested over the preceding decade.

“They copied, they took things apart, they reverse engineered, they used the manuals right down to the last comma.”  Our intrepid cyber expert throws this catch-all statement out there as if it were some sort of string of self-evident truths when in fact the only reference with any basis in reality is the one about the manuals (While I personally don’t know how the issue of the manuals was addressed beyond that Huawei withdrew and re-issued user manuals, let’s be honest, routers are pretty much commoditized and their end-user application is pretty standard – did some Huawei marketing guy get lazy and go online and download a template?  Who knows?  I don’t.  Bad form?  Yeah.   A monstrous intellectual property violation?   Uh, hardly).  The rest of the “expert’s” statement is unsubstantiated fluff which literally cried out for the 60 Minutes correspondent to challenge it.

“Everything they did was kinda Cisco-based.”  This is the height of our expert’s absurdity.  A wild and willful falsehood.  A quick look at the product portfolios of Cisco and Huawei in 2003 exposes this utterly ridiculous statement for what it is.  Huawei’s broad and diverse portfolio of products spanning fixed, wireless, cable, fiber and IP-based networking solutions matched and/or exceeded and/or was significantly divergent from Cisco’s.  The miniscule section of code from a single module in a single router product which was the subject of the 2003 case - whatever the facts may have been - was little more than an inconsequential burp in the grand scale of Huawei’s business.  I’m not forgiving it, I’m just putting it in context.

“One of the things that gave Huawei an early edge was the fact that they took Cisco Technology.”  As if telling the lie once wasn’t enough, our expert decided to conclude his remarks by making it yet a broader statement.  And the 60 Minutes correspondent, sigh, swallowed the whole load without challenge.

Now, don’t get me wrong.  Our favorite CSIS cyber expert isn't usually quite so bold in his fibbing.  But he’s definitely biased, indeed, almost seemingly bought-and-paid for (by whom is a question, perhaps, for another post)…

…And he is prolific. 

A grain of salt folks, a grain of salt…

You wanna put our expert in really unique perspective?  

Link back to my February 13, 2011 blog post about a company called Hua Mei (NOT Huawei) which exported some nasty stuff to Saddam Hussein.  Strangely enough, folks in the U.S. Government have tried to pin this one on Huawei, notwithstanding very publicly available GAO and other U.S. Government documentation demonstrating the truth.  Yet a bit more strange?: Our very same CSIS "cyber expert" was the Commerce Department official at the time that signed the Freedom of Information Act (FOIA) response obfuscating and denying information to American public requests for clarification about Hua Mei.

Go on, Google it...  

Indeed, let's play his game: "Prove the negative."

Another grain of salt...